@tern-secure/nextjs 5.2.0-canary.v20251030165007 → 5.2.0-canary.v20251108045933
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/app-router/admin/cookieOptionsHelper.js +28 -16
- package/dist/cjs/app-router/admin/cookieOptionsHelper.js.map +1 -1
- package/dist/cjs/app-router/admin/request.js +6 -1
- package/dist/cjs/app-router/admin/request.js.map +1 -1
- package/dist/cjs/app-router/admin/sessionHandlers.js +2 -1
- package/dist/cjs/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/cjs/app-router/admin/types.js +19 -10
- package/dist/cjs/app-router/admin/types.js.map +1 -1
- package/dist/cjs/app-router/server/TernSecureProvider.js +1 -1
- package/dist/cjs/app-router/server/TernSecureProvider.js.map +1 -1
- package/dist/cjs/app-router/server/auth.js +1 -1
- package/dist/cjs/app-router/server/auth.js.map +1 -1
- package/dist/cjs/index.js +0 -3
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/server/data/getAuthDataFromRequest.js +15 -15
- package/dist/cjs/server/data/getAuthDataFromRequest.js.map +1 -1
- package/dist/cjs/server/index.js +3 -6
- package/dist/cjs/server/index.js.map +1 -1
- package/dist/cjs/server/{ternSecureEdgeMiddleware.js → ternSecureProxy.js} +18 -7
- package/dist/cjs/server/ternSecureProxy.js.map +1 -0
- package/dist/cjs/utils/allNextProviderProps.js +1 -0
- package/dist/cjs/utils/allNextProviderProps.js.map +1 -1
- package/dist/cjs/utils/config.js +1 -0
- package/dist/cjs/utils/config.js.map +1 -1
- package/dist/esm/app-router/admin/cookieOptionsHelper.js +26 -15
- package/dist/esm/app-router/admin/cookieOptionsHelper.js.map +1 -1
- package/dist/esm/app-router/admin/request.js +7 -2
- package/dist/esm/app-router/admin/request.js.map +1 -1
- package/dist/esm/app-router/admin/sessionHandlers.js +2 -1
- package/dist/esm/app-router/admin/sessionHandlers.js.map +1 -1
- package/dist/esm/app-router/admin/types.js +17 -9
- package/dist/esm/app-router/admin/types.js.map +1 -1
- package/dist/esm/app-router/server/TernSecureProvider.js +2 -2
- package/dist/esm/app-router/server/TernSecureProvider.js.map +1 -1
- package/dist/esm/app-router/server/auth.js +2 -2
- package/dist/esm/app-router/server/auth.js.map +1 -1
- package/dist/esm/index.js +0 -2
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/server/data/getAuthDataFromRequest.js +21 -13
- package/dist/esm/server/data/getAuthDataFromRequest.js.map +1 -1
- package/dist/esm/server/index.js +3 -7
- package/dist/esm/server/index.js.map +1 -1
- package/dist/esm/server/{ternSecureEdgeMiddleware.js → ternSecureProxy.js} +16 -5
- package/dist/esm/server/ternSecureProxy.js.map +1 -0
- package/dist/esm/utils/allNextProviderProps.js +1 -0
- package/dist/esm/utils/allNextProviderProps.js.map +1 -1
- package/dist/esm/utils/config.js +1 -0
- package/dist/esm/utils/config.js.map +1 -1
- package/dist/types/app-router/admin/cookieOptionsHelper.d.ts +2 -10
- package/dist/types/app-router/admin/cookieOptionsHelper.d.ts.map +1 -1
- package/dist/types/app-router/admin/request.d.ts.map +1 -1
- package/dist/types/app-router/admin/sessionHandlers.d.ts.map +1 -1
- package/dist/types/app-router/admin/types.d.ts +2 -1
- package/dist/types/app-router/admin/types.d.ts.map +1 -1
- package/dist/types/app-router/server/auth.d.ts.map +1 -1
- package/dist/types/index.d.ts +1 -2
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/server/data/getAuthDataFromRequest.d.ts +6 -6
- package/dist/types/server/data/getAuthDataFromRequest.d.ts.map +1 -1
- package/dist/types/server/index.d.ts +1 -2
- package/dist/types/server/index.d.ts.map +1 -1
- package/dist/types/server/{ternSecureEdgeMiddleware.d.ts → ternSecureProxy.d.ts} +2 -2
- package/dist/types/server/ternSecureProxy.d.ts.map +1 -0
- package/dist/types/utils/allNextProviderProps.d.ts.map +1 -1
- package/dist/types/utils/config.d.ts.map +1 -1
- package/package.json +7 -9
- package/dist/cjs/app-router/server/TernSecureProviderNode.js +0 -92
- package/dist/cjs/app-router/server/TernSecureProviderNode.js.map +0 -1
- package/dist/cjs/app-router/server/auth_new.js +0 -41
- package/dist/cjs/app-router/server/auth_new.js.map +0 -1
- package/dist/cjs/server/ternSecureEdgeMiddleware.js.map +0 -1
- package/dist/cjs/utils/admin-init.js +0 -4
- package/dist/cjs/utils/admin-init.js.map +0 -1
- package/dist/cjs/utils/client-init.js +0 -4
- package/dist/cjs/utils/client-init.js.map +0 -1
- package/dist/esm/app-router/server/TernSecureProviderNode.js +0 -58
- package/dist/esm/app-router/server/TernSecureProviderNode.js.map +0 -1
- package/dist/esm/app-router/server/auth_new.js +0 -17
- package/dist/esm/app-router/server/auth_new.js.map +0 -1
- package/dist/esm/server/ternSecureEdgeMiddleware.js.map +0 -1
- package/dist/esm/utils/admin-init.js +0 -3
- package/dist/esm/utils/admin-init.js.map +0 -1
- package/dist/esm/utils/client-init.js +0 -3
- package/dist/esm/utils/client-init.js.map +0 -1
- package/dist/types/app-router/server/TernSecureProviderNode.d.ts +0 -4
- package/dist/types/app-router/server/TernSecureProviderNode.d.ts.map +0 -1
- package/dist/types/app-router/server/auth_new.d.ts +0 -14
- package/dist/types/app-router/server/auth_new.d.ts.map +0 -1
- package/dist/types/server/ternSecureEdgeMiddleware.d.ts.map +0 -1
- package/dist/types/utils/admin-init.d.ts +0 -2
- package/dist/types/utils/admin-init.d.ts.map +0 -1
- package/dist/types/utils/client-init.d.ts +0 -2
- package/dist/types/utils/client-init.d.ts.map +0 -1
|
@@ -18,34 +18,46 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
18
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
19
|
var cookieOptionsHelper_exports = {};
|
|
20
20
|
__export(cookieOptionsHelper_exports, {
|
|
21
|
-
|
|
22
|
-
|
|
21
|
+
getDeleteOptions: () => getDeleteOptions,
|
|
22
|
+
getIdTokenCookieOptions: () => getIdTokenCookieOptions,
|
|
23
|
+
getSessionCookieOptions: () => getSessionCookieOptions
|
|
23
24
|
});
|
|
24
25
|
module.exports = __toCommonJS(cookieOptionsHelper_exports);
|
|
25
26
|
var import_types = require("./types");
|
|
26
|
-
|
|
27
|
+
const ONE_YEAR_IN_SECONDS = 365 * 24 * 60 * 60;
|
|
28
|
+
function getIdTokenCookieOptions() {
|
|
27
29
|
return {
|
|
28
|
-
path:
|
|
29
|
-
httpOnly:
|
|
30
|
-
secure:
|
|
31
|
-
sameSite:
|
|
32
|
-
maxAge:
|
|
33
|
-
priority:
|
|
30
|
+
path: "/",
|
|
31
|
+
httpOnly: true,
|
|
32
|
+
secure: process.env.NODE_ENV === "production",
|
|
33
|
+
sameSite: "strict",
|
|
34
|
+
maxAge: ONE_YEAR_IN_SECONDS,
|
|
35
|
+
priority: "high"
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
function getSessionCookieOptions(config) {
|
|
39
|
+
return {
|
|
40
|
+
path: config?.cookies?.path ?? import_types.DEFAULT_SESSION_COOKIE_OPTIONS.path ?? "/",
|
|
41
|
+
httpOnly: config?.cookies?.httpOnly ?? import_types.DEFAULT_SESSION_COOKIE_OPTIONS.httpOnly ?? true,
|
|
42
|
+
secure: config?.cookies?.secure ?? import_types.DEFAULT_SESSION_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === "production",
|
|
43
|
+
sameSite: config?.cookies?.sameSite ?? import_types.DEFAULT_SESSION_COOKIE_OPTIONS.sameSite ?? "strict",
|
|
44
|
+
maxAge: config?.cookies?.maxAge ?? import_types.DEFAULT_SESSION_COOKIE_OPTIONS.maxAge,
|
|
45
|
+
priority: config?.cookies?.priority ?? import_types.DEFAULT_SESSION_COOKIE_OPTIONS.priority
|
|
34
46
|
};
|
|
35
47
|
}
|
|
36
48
|
function getDeleteOptions(options) {
|
|
37
49
|
return {
|
|
38
|
-
path: options?.cookies?.path ?? import_types.
|
|
39
|
-
httpOnly: options?.cookies?.httpOnly ?? import_types.
|
|
40
|
-
secure: options?.cookies?.secure ?? import_types.
|
|
41
|
-
sameSite: options?.cookies?.sameSite ?? import_types.
|
|
50
|
+
path: options?.cookies?.path ?? import_types.DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.path ?? "/",
|
|
51
|
+
httpOnly: options?.cookies?.httpOnly ?? import_types.DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.httpOnly ?? true,
|
|
52
|
+
secure: options?.cookies?.secure ?? import_types.DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === "production",
|
|
53
|
+
sameSite: options?.cookies?.sameSite ?? import_types.DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.sameSite ?? "strict",
|
|
42
54
|
revokeRefreshTokensOnSignOut: options?.revokeRefreshTokensOnSignOut ?? true
|
|
43
|
-
// Domain is intentionally omitted to use current domain
|
|
44
55
|
};
|
|
45
56
|
}
|
|
46
57
|
// Annotate the CommonJS export names for ESM import in node:
|
|
47
58
|
0 && (module.exports = {
|
|
48
|
-
|
|
49
|
-
|
|
59
|
+
getDeleteOptions,
|
|
60
|
+
getIdTokenCookieOptions,
|
|
61
|
+
getSessionCookieOptions
|
|
50
62
|
});
|
|
51
63
|
//# sourceMappingURL=cookieOptionsHelper.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/cookieOptionsHelper.ts"],"sourcesContent":["import type { CookieOptions, TernSecureHandlerOptions } from '@tern-secure/types';\n\nimport {
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/cookieOptionsHelper.ts"],"sourcesContent":["import type { CookieOptions, TernSecureHandlerOptions } from '@tern-secure/types';\n\nimport { DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS, DEFAULT_SESSION_COOKIE_OPTIONS } from './types';\n\nconst ONE_YEAR_IN_SECONDS = 365 * 24 * 60 * 60;\n\n\nexport function getIdTokenCookieOptions(\n): Required<Pick<CookieOptions, 'path' | 'httpOnly' | 'secure' | 'sameSite'>> &\n Pick<CookieOptions, 'maxAge' | 'priority'> {\n return {\n path: '/',\n httpOnly: true,\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: ONE_YEAR_IN_SECONDS,\n priority: 'high',\n };\n}\n\nexport function getSessionCookieOptions(\n config?: TernSecureHandlerOptions,\n): Required<Pick<CookieOptions, 'path' | 'httpOnly' | 'secure' | 'sameSite'>> &\n Pick<CookieOptions, 'maxAge' | 'priority'> {\n return {\n path: config?.cookies?.path ?? DEFAULT_SESSION_COOKIE_OPTIONS.path ?? '/',\n httpOnly: config?.cookies?.httpOnly ?? DEFAULT_SESSION_COOKIE_OPTIONS.httpOnly ?? true,\n secure:\n config?.cookies?.secure ?? DEFAULT_SESSION_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === 'production',\n sameSite: config?.cookies?.sameSite ?? DEFAULT_SESSION_COOKIE_OPTIONS.sameSite ?? 'strict',\n maxAge: config?.cookies?.maxAge ?? DEFAULT_SESSION_COOKIE_OPTIONS.maxAge,\n priority: config?.cookies?.priority ?? DEFAULT_SESSION_COOKIE_OPTIONS.priority,\n };\n}\n\n\nexport function getDeleteOptions(options?: {\n cookies?: TernSecureHandlerOptions['cookies'];\n revokeRefreshTokensOnSignOut?: boolean;\n}): {\n path: string;\n httpOnly?: boolean;\n secure?: boolean;\n domain?: string;\n sameSite?: 'lax' | 'strict' | 'none';\n revokeRefreshTokensOnSignOut?: boolean;\n} {\n return {\n path: options?.cookies?.path ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.path ?? '/',\n httpOnly: options?.cookies?.httpOnly ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.httpOnly ?? true,\n secure:\n options?.cookies?.secure ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.secure ?? process.env.NODE_ENV === 'production',\n sameSite: options?.cookies?.sameSite ?? DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS.sameSite ?? 'strict',\n revokeRefreshTokensOnSignOut: options?.revokeRefreshTokensOnSignOut ?? true,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,mBAAwF;AAExF,MAAM,sBAAsB,MAAM,KAAK,KAAK;AAGrC,SAAS,0BAE6B;AAC3C,SAAO;AAAA,IACL,MAAM;AAAA,IACN,UAAU;AAAA,IACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,IACjC,UAAU;AAAA,IACV,QAAQ;AAAA,IACR,UAAU;AAAA,EACZ;AACF;AAEO,SAAS,wBACd,QAE2C;AAC3C,SAAO;AAAA,IACL,MAAM,QAAQ,SAAS,QAAQ,4CAA+B,QAAQ;AAAA,IACtE,UAAU,QAAQ,SAAS,YAAY,4CAA+B,YAAY;AAAA,IAClF,QACE,QAAQ,SAAS,UAAU,4CAA+B,UAAU,QAAQ,IAAI,aAAa;AAAA,IAC/F,UAAU,QAAQ,SAAS,YAAY,4CAA+B,YAAY;AAAA,IAClF,QAAQ,QAAQ,SAAS,UAAU,4CAA+B;AAAA,IAClE,UAAU,QAAQ,SAAS,YAAY,4CAA+B;AAAA,EACxE;AACF;AAGO,SAAS,iBAAiB,SAU/B;AACA,SAAO;AAAA,IACL,MAAM,SAAS,SAAS,QAAQ,qDAAwC,QAAQ;AAAA,IAChF,UAAU,SAAS,SAAS,YAAY,qDAAwC,YAAY;AAAA,IAC5F,QACE,SAAS,SAAS,UAAU,qDAAwC,UAAU,QAAQ,IAAI,aAAa;AAAA,IACzG,UAAU,SAAS,SAAS,YAAY,qDAAwC,YAAY;AAAA,IAC5F,8BAA8B,SAAS,gCAAgC;AAAA,EACzE;AACF;","names":[]}
|
|
@@ -41,7 +41,7 @@ async function refreshCookieWithIdToken(idToken, cookieStore, config, referrer)
|
|
|
41
41
|
},
|
|
42
42
|
apiClient: backendClient
|
|
43
43
|
};
|
|
44
|
-
const COOKIE_OPTIONS = (0, import_cookieOptionsHelper.
|
|
44
|
+
const COOKIE_OPTIONS = (0, import_cookieOptionsHelper.getIdTokenCookieOptions)();
|
|
45
45
|
const { createCustomIdAndRefreshToken } = (0, import_auth.getAuth)(authOptions);
|
|
46
46
|
const customTokens = await createCustomIdAndRefreshToken(idToken, { referer: referrer });
|
|
47
47
|
const cookiePrefix = (0, import_cookie.getCookiePrefix)();
|
|
@@ -55,6 +55,11 @@ async function refreshCookieWithIdToken(idToken, cookieStore, config, referrer)
|
|
|
55
55
|
(0, import_cookie.getCookieName)(import_backend.constants.Cookies.Refresh, cookiePrefix),
|
|
56
56
|
customTokens.refreshToken,
|
|
57
57
|
COOKIE_OPTIONS
|
|
58
|
+
),
|
|
59
|
+
cookieStore.set(
|
|
60
|
+
import_backend.constants.Cookies.TernAut,
|
|
61
|
+
customTokens.auth_time.toString(),
|
|
62
|
+
{ secure: true, maxAge: 365 * 24 * 60 * 60 }
|
|
58
63
|
)
|
|
59
64
|
];
|
|
60
65
|
if (config?.enableCustomToken) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/request.ts"],"sourcesContent":["import type { AuthenticateRequestOptions } from '@tern-secure/backend';\nimport { constants } from '@tern-secure/backend';\nimport { getAuth } from '@tern-secure/backend/auth';\nimport { getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nimport { ternSecureBackendClient } from '../../server/ternsecureClient';\nimport type { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET,\n} from './constants';\nimport {
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/request.ts"],"sourcesContent":["import type { AuthenticateRequestOptions } from '@tern-secure/backend';\nimport { constants } from '@tern-secure/backend';\nimport { getAuth } from '@tern-secure/backend/auth';\nimport { getCookieName, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nimport { ternSecureBackendClient } from '../../server/ternsecureClient';\nimport type { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET,\n} from './constants';\nimport { getIdTokenCookieOptions } from './cookieOptionsHelper';\nimport type { TernSecureHandlerOptions } from './types';\n\nexport async function refreshCookieWithIdToken(\n idToken: string,\n cookieStore: NextCookieStore,\n config?: TernSecureHandlerOptions,\n referrer?: string,\n): Promise<void> {\n const backendClient = await ternSecureBackendClient();\n\n const authOptions: AuthenticateRequestOptions = {\n tenantId: config?.tenantId || undefined,\n firebaseConfig: {\n apiKey: FIREBASE_API_KEY,\n authDomain: FIREBASE_AUTH_DOMAIN,\n projectId: FIREBASE_PROJECT_ID,\n storageBucket: FIREBASE_STORAGE_BUCKET,\n messagingSenderId: FIREBASE_MESSAGING_SENDER_ID,\n appId: FIREBASE_APP_ID,\n },\n apiClient: backendClient,\n };\n\n const COOKIE_OPTIONS = getIdTokenCookieOptions();\n\n const { createCustomIdAndRefreshToken } = getAuth(authOptions);\n\n const customTokens = await createCustomIdAndRefreshToken(idToken, { referer: referrer });\n\n const cookiePrefix = getCookiePrefix();\n\n const cookiePromises = [\n cookieStore.set(\n getCookieName(constants.Cookies.IdToken, cookiePrefix),\n customTokens.idToken,\n COOKIE_OPTIONS,\n ),\n cookieStore.set(\n getCookieName(constants.Cookies.Refresh, cookiePrefix),\n customTokens.refreshToken,\n COOKIE_OPTIONS,\n ),\n\n cookieStore.set(\n constants.Cookies.TernAut,\n customTokens.auth_time.toString(),\n { secure: true, maxAge: 365 * 24 * 60 * 60 }\n ),\n ];\n\n if (config?.enableCustomToken) {\n cookiePromises.push(\n cookieStore.set(constants.Cookies.Custom, customTokens.customToken, COOKIE_OPTIONS),\n );\n }\n\n await Promise.all(cookiePromises);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAA0B;AAC1B,kBAAwB;AACxB,oBAA+C;AAE/C,8BAAwC;AAExC,uBAOO;AACP,iCAAwC;AAGxC,eAAsB,yBACpB,SACA,aACA,QACA,UACe;AACf,QAAM,gBAAgB,UAAM,iDAAwB;AAEpD,QAAM,cAA0C;AAAA,IAC9C,UAAU,QAAQ,YAAY;AAAA,IAC9B,gBAAgB;AAAA,MACd,QAAQ;AAAA,MACR,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,eAAe;AAAA,MACf,mBAAmB;AAAA,MACnB,OAAO;AAAA,IACT;AAAA,IACA,WAAW;AAAA,EACb;AAEA,QAAM,qBAAiB,oDAAwB;AAE/C,QAAM,EAAE,8BAA8B,QAAI,qBAAQ,WAAW;AAE7D,QAAM,eAAe,MAAM,8BAA8B,SAAS,EAAE,SAAS,SAAS,CAAC;AAEvF,QAAM,mBAAe,+BAAgB;AAErC,QAAM,iBAAiB;AAAA,IACrB,YAAY;AAAA,UACV,6BAAc,yBAAU,QAAQ,SAAS,YAAY;AAAA,MACrD,aAAa;AAAA,MACb;AAAA,IACF;AAAA,IACA,YAAY;AAAA,UACV,6BAAc,yBAAU,QAAQ,SAAS,YAAY;AAAA,MACrD,aAAa;AAAA,MACb;AAAA,IACF;AAAA,IAEA,YAAY;AAAA,MACV,yBAAU,QAAQ;AAAA,MAClB,aAAa,UAAU,SAAS;AAAA,MAChC,EAAE,QAAQ,MAAM,QAAQ,MAAM,KAAK,KAAK,GAAG;AAAA,IAC7C;AAAA,EACF;AAEA,MAAI,QAAQ,mBAAmB;AAC7B,mBAAe;AAAA,MACb,YAAY,IAAI,yBAAU,QAAQ,QAAQ,aAAa,aAAa,cAAc;AAAA,IACpF;AAAA,EACF;AAEA,QAAM,QAAQ,IAAI,cAAc;AAClC;","names":[]}
|
|
@@ -22,6 +22,7 @@ __export(sessionHandlers_exports, {
|
|
|
22
22
|
sessionEndpointHandler: () => sessionEndpointHandler
|
|
23
23
|
});
|
|
24
24
|
module.exports = __toCommonJS(sessionHandlers_exports);
|
|
25
|
+
var import_backend = require("@tern-secure/backend");
|
|
25
26
|
var import_admin = require("@tern-secure/backend/admin");
|
|
26
27
|
var import_jwt = require("@tern-secure/backend/jwt");
|
|
27
28
|
var import_NextCookieAdapter = require("../../utils/NextCookieAdapter");
|
|
@@ -74,7 +75,7 @@ async function sessionEndpointHandler(context, config) {
|
|
|
74
75
|
const cookieStore = new import_NextCookieAdapter.NextCookieStore();
|
|
75
76
|
const { idToken, csrfToken, error } = await validateSessionRequest();
|
|
76
77
|
if (error) return error;
|
|
77
|
-
const csrfCookieValue = await cookieStore.get(
|
|
78
|
+
const csrfCookieValue = await cookieStore.get(import_backend.constants.Cookies.CsrfToken);
|
|
78
79
|
validateCsrfToken(csrfToken || "", csrfCookieValue.value);
|
|
79
80
|
const handleCreateSession = async (cookieStore2, idToken2) => {
|
|
80
81
|
try {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport type { CookieSubEndpoint } from '@tern-secure/types';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport { createApiErrorResponse, createApiSuccessResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type { SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\nasync function sessionEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method, referrer } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = config.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const sessionCookie = context.sessionTokenInCookie;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get('_session_terncf');\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, config, referrer);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n return createApiErrorResponse('SESSION_CREATION_FAILED', 'Session creation failed', 500);\n }\n };\n\n const handleRefreshSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const decodedSession = ternDecodeJwtUnguarded(idToken);\n if (decodedSession.errors) {\n return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n }\n\n const refreshRes = await refreshCookieWithIdToken(idToken, cookieStore, config);\n return SessionResponseHelper.createRefreshResponse(refreshRes);\n } catch (error) {\n return createApiErrorResponse('REFRESH_FAILED', 'Session refresh failed', 500);\n }\n };\n\n const handleRevokeSession = async (cookieStore: NextCookieStore): Promise<Response> => {\n const res = await clearSessionCookie(cookieStore);\n return SessionResponseHelper.createRevokeResponse(res);\n };\n\n switch (subEndpoint) {\n case 'createsession': {\n validateIdToken(idToken);\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleCreateSession(cookieStore, idToken!);\n }\n\n case 'refresh':\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleRefreshSession(cookieStore, idToken!);\n\n case 'revoke':\n return handleRevokeSession(cookieStore);\n\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return SessionGetHandler(subEndpoint);\n\n case 'POST':\n return SessionPostHandler(subEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nasync function cookieEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method } = context;\n\n const validators = createValidators(context);\n const { validateSecurity } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Cookie sub-endpoint required', 400);\n }\n\n const cookiesConfig = config.endpoints?.cookies;\n const subEndpointConfig = cookiesConfig?.subEndpoints?.[subEndpoint as CookieSubEndpoint];\n\n if (!subEndpointConfig || !subEndpointConfig.enabled) {\n return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Cookie endpoint not found or disabled', 404);\n }\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const CookieGetHandler = async (subEndpoint: CookieSubEndpoint): Promise<Response> => {\n const handleGetCookie = async (): Promise<Response> => {\n try {\n const url = new URL(context.ternUrl);\n const tokenName = url.searchParams.get('tokenName');\n\n if (!tokenName) {\n return createApiErrorResponse('TOKEN_NAME_REQUIRED', 'tokenName query parameter is required', 400);\n }\n\n let cookieValue: string | undefined;\n\n switch (tokenName) {\n case 'idToken':\n cookieValue = context.idTokenInCookie;\n break;\n case 'sessionToken':\n cookieValue = context.sessionTokenInCookie;\n break;\n case 'refreshToken':\n cookieValue = context.refreshTokenInCookie;\n break;\n case 'customToken':\n cookieValue = context.customTokenInCookie;\n break;\n default:\n return createApiErrorResponse('INVALID_TOKEN_NAME', 'Invalid token name. Must be one of: idToken, sessionToken, refreshToken, customToken', 400);\n }\n\n if (!cookieValue) {\n return createApiErrorResponse(\n 'TOKEN_NOT_FOUND',\n `${tokenName} not found in httpOnly cookies`,\n 404\n );\n }\n\n return createApiSuccessResponse({\n token: cookieValue,\n });\n } catch (error) {\n return createApiErrorResponse('COOKIE_RETRIEVAL_FAILED', 'Failed to retrieve cookie', 500);\n }\n };\n\n switch (subEndpoint) {\n case 'get':\n return handleGetCookie();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return CookieGetHandler(subEndpoint as CookieSubEndpoint);\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nexport { sessionEndpointHandler, cookieEndpointHandler };\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAmC;AACnC,iBAAuC;AAGvC,+BAAgC;AAEhC,0BAAiC;AACjC,qBAAyC;AACzC,uBAA4G;AAG5G,eAAe,uBACb,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,QAAQ,SAAS,IAAI;AAE1C,QAAM,iBAAa,sCAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,iCAAiC,GAAG;AAAA,EAC7F;AAEA,QAAM,iBAAiB,OAAO,WAAW;AACzC,QAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,oBAAoB,OAAOA,iBAAuD;AACtF,UAAM,sBAAsB,YAA+B;AACzD,UAAI;AACF,cAAM,gBAAgB,QAAQ;AAC9B,YAAI,CAAC,eAAe;AAClB,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,cAAM,EAAE,MAAM,gBAAgB,OAAO,QAAI,mCAAuB,aAAa;AAC7E,YAAI,QAAQ;AACV,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,eAAO,uCAAsB,2BAA2B,cAAc;AAAA,MACxE,SAAS,OAAO;AACd,eAAO,uCAAsB,2BAA2B;AAAA,MAC1D;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,oBAAoB;AAAA,MAC7B;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,QAAM,qBAAqB,OAAOA,iBAAuD;AACvF,UAAM,cAAc,IAAI,yCAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,uBAAuB;AACnE,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,MAAM,YAAY,IAAI,iBAAiB;AAC/D,sBAAkB,aAAa,IAAI,gBAAgB,KAAK;AAExD,UAAM,sBAAsB,OAC1BC,cACAC,aACsB;AACtB,UAAI;AACF,kBAAM,yCAAyBA,UAASD,cAAa,QAAQ,QAAQ;AACrE,eAAO,uCAAsB,8BAA8B;AAAA,UACzD,SAAS;AAAA,UACT,SAAS;AAAA,QACX,CAAC;AAAA,MACH,SAASE,QAAO;AACd,mBAAO,yCAAuB,2BAA2B,2BAA2B,GAAG;AAAA,MACzF;AAAA,IACF;AAEA,UAAM,uBAAuB,OAC3BF,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,qBAAiB,mCAAuBA,QAAO;AACrD,YAAI,eAAe,QAAQ;AACzB,qBAAO,yCAAuB,mBAAmB,+BAA+B,GAAG;AAAA,QACrF;AAEA,cAAM,aAAa,UAAM,yCAAyBA,UAASD,cAAa,MAAM;AAC9E,eAAO,uCAAsB,sBAAsB,UAAU;AAAA,MAC/D,SAASE,QAAO;AACd,mBAAO,yCAAuB,kBAAkB,0BAA0B,GAAG;AAAA,MAC/E;AAAA,IACF;AAEA,UAAM,sBAAsB,OAAOF,iBAAoD;AACrF,YAAM,MAAM,UAAM,iCAAmBA,YAAW;AAChD,aAAO,uCAAsB,qBAAqB,GAAG;AAAA,IACvD;AAEA,YAAQD,cAAa;AAAA,MACnB,KAAK,iBAAiB;AACpB,wBAAgB,OAAO;AAEvB,eAAO,oBAAoB,aAAa,OAAQ;AAAA,MAClD;AAAA,MAEA,KAAK;AAEH,eAAO,qBAAqB,aAAa,OAAQ;AAAA,MAEnD,KAAK;AACH,eAAO,oBAAoB,WAAW;AAAA,MAExC;AACE,eAAO,oCAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,kBAAkB,WAAW;AAAA,IAEtC,KAAK;AACH,aAAO,mBAAmB,WAAW;AAAA,IAEvC;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;AAEA,eAAe,sBACb,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,OAAO,IAAI;AAEhC,QAAM,iBAAa,sCAAiB,OAAO;AAC3C,QAAM,EAAE,iBAAiB,IAAI;AAE7B,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,gCAAgC,GAAG;AAAA,EAC5F;AAEA,QAAM,gBAAgB,OAAO,WAAW;AACxC,QAAM,oBAAoB,eAAe,eAAe,WAAgC;AAExF,MAAI,CAAC,qBAAqB,CAAC,kBAAkB,SAAS;AACpD,eAAO,yCAAuB,sBAAsB,yCAAyC,GAAG;AAAA,EAClG;AAEA,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,mBAAmB,OAAOA,iBAAsD;AACpF,UAAM,kBAAkB,YAA+B;AACrD,UAAI;AACF,cAAM,MAAM,IAAI,IAAI,QAAQ,OAAO;AACnC,cAAM,YAAY,IAAI,aAAa,IAAI,WAAW;AAElD,YAAI,CAAC,WAAW;AACd,qBAAO,yCAAuB,uBAAuB,yCAAyC,GAAG;AAAA,QACnG;AAEA,YAAI;AAEJ,gBAAQ,WAAW;AAAA,UACjB,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF;AACE,uBAAO,yCAAuB,sBAAsB,wFAAwF,GAAG;AAAA,QACnJ;AAEA,YAAI,CAAC,aAAa;AAChB,qBAAO;AAAA,YACL;AAAA,YACA,GAAG,SAAS;AAAA,YACZ;AAAA,UACF;AAAA,QACF;AAEA,mBAAO,2CAAyB;AAAA,UAC9B,OAAO;AAAA,QACT,CAAC;AAAA,MACH,SAAS,OAAO;AACd,mBAAO,yCAAuB,2BAA2B,6BAA6B,GAAG;AAAA,MAC3F;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,gBAAgB;AAAA,MACzB;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,iBAAiB,WAAgC;AAAA,IAC1D;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;","names":["subEndpoint","cookieStore","idToken","error"]}
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/sessionHandlers.ts"],"sourcesContent":["import { constants } from '@tern-secure/backend';\nimport { clearSessionCookie } from '@tern-secure/backend/admin';\nimport { ternDecodeJwtUnguarded } from '@tern-secure/backend/jwt';\nimport type { CookieSubEndpoint } from '@tern-secure/types';\n\nimport { NextCookieStore } from '../../utils/NextCookieAdapter';\nimport { type RequestProcessorContext } from './c-authenticateRequestProcessor';\nimport { createValidators } from './fnValidators';\nimport { refreshCookieWithIdToken } from './request';\nimport { createApiErrorResponse, createApiSuccessResponse, HttpResponseHelper, SessionResponseHelper } from './responses';\nimport type { SessionSubEndpoint, TernSecureHandlerOptions } from './types';\n\nasync function sessionEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method, referrer } = context;\n\n const validators = createValidators(context);\n\n const {\n validateSubEndpoint,\n validateSecurity,\n validateSessionRequest,\n validateCsrfToken,\n validateIdToken,\n } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Session sub-endpoint required', 400);\n }\n\n const sessionsConfig = config.endpoints?.sessions;\n const subEndpointConfig = sessionsConfig?.subEndpoints?.[subEndpoint];\n\n validateSubEndpoint(subEndpoint, subEndpointConfig);\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const SessionGetHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const handleSessionVerify = async (): Promise<Response> => {\n try {\n const sessionCookie = context.sessionTokenInCookie;\n if (!sessionCookie) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n const { data: decodedSession, errors } = ternDecodeJwtUnguarded(sessionCookie);\n if (errors) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n\n return SessionResponseHelper.createVerificationResponse(decodedSession);\n } catch (error) {\n return SessionResponseHelper.createUnauthorizedResponse();\n }\n };\n\n switch (subEndpoint) {\n case 'verify':\n return handleSessionVerify();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n const SessionPostHandler = async (subEndpoint: SessionSubEndpoint): Promise<Response> => {\n const cookieStore = new NextCookieStore();\n\n const { idToken, csrfToken, error } = await validateSessionRequest();\n if (error) return error;\n\n const csrfCookieValue = await cookieStore.get(constants.Cookies.CsrfToken);\n validateCsrfToken(csrfToken || '', csrfCookieValue.value);\n\n const handleCreateSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n await refreshCookieWithIdToken(idToken, cookieStore, config, referrer);\n return SessionResponseHelper.createSessionCreationResponse({\n success: true,\n message: 'Session created successfully',\n });\n } catch (error) {\n return createApiErrorResponse('SESSION_CREATION_FAILED', 'Session creation failed', 500);\n }\n };\n\n const handleRefreshSession = async (\n cookieStore: NextCookieStore,\n idToken: string,\n ): Promise<Response> => {\n try {\n const decodedSession = ternDecodeJwtUnguarded(idToken);\n if (decodedSession.errors) {\n return createApiErrorResponse('INVALID_SESSION', 'Invalid session for refresh', 401);\n }\n\n const refreshRes = await refreshCookieWithIdToken(idToken, cookieStore, config);\n return SessionResponseHelper.createRefreshResponse(refreshRes);\n } catch (error) {\n return createApiErrorResponse('REFRESH_FAILED', 'Session refresh failed', 500);\n }\n };\n\n const handleRevokeSession = async (cookieStore: NextCookieStore): Promise<Response> => {\n const res = await clearSessionCookie(cookieStore);\n return SessionResponseHelper.createRevokeResponse(res);\n };\n\n switch (subEndpoint) {\n case 'createsession': {\n validateIdToken(idToken);\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleCreateSession(cookieStore, idToken!);\n }\n\n case 'refresh':\n //eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n return handleRefreshSession(cookieStore, idToken!);\n\n case 'revoke':\n return handleRevokeSession(cookieStore);\n\n default:\n return HttpResponseHelper.createSubEndpointNotSupportedResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return SessionGetHandler(subEndpoint);\n\n case 'POST':\n return SessionPostHandler(subEndpoint);\n\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nasync function cookieEndpointHandler(\n context: RequestProcessorContext,\n config: TernSecureHandlerOptions,\n): Promise<Response> {\n const { subEndpoint, method } = context;\n\n const validators = createValidators(context);\n const { validateSecurity } = validators;\n\n if (!subEndpoint) {\n return createApiErrorResponse('SUB_ENDPOINT_REQUIRED', 'Cookie sub-endpoint required', 400);\n }\n\n const cookiesConfig = config.endpoints?.cookies;\n const subEndpointConfig = cookiesConfig?.subEndpoints?.[subEndpoint as CookieSubEndpoint];\n\n if (!subEndpointConfig || !subEndpointConfig.enabled) {\n return createApiErrorResponse('ENDPOINT_NOT_FOUND', 'Cookie endpoint not found or disabled', 404);\n }\n\n if (subEndpointConfig?.security) {\n await validateSecurity(subEndpointConfig.security);\n }\n\n const CookieGetHandler = async (subEndpoint: CookieSubEndpoint): Promise<Response> => {\n const handleGetCookie = async (): Promise<Response> => {\n try {\n const url = new URL(context.ternUrl);\n const tokenName = url.searchParams.get('tokenName');\n\n if (!tokenName) {\n return createApiErrorResponse('TOKEN_NAME_REQUIRED', 'tokenName query parameter is required', 400);\n }\n\n let cookieValue: string | undefined;\n\n switch (tokenName) {\n case 'idToken':\n cookieValue = context.idTokenInCookie;\n break;\n case 'sessionToken':\n cookieValue = context.sessionTokenInCookie;\n break;\n case 'refreshToken':\n cookieValue = context.refreshTokenInCookie;\n break;\n case 'customToken':\n cookieValue = context.customTokenInCookie;\n break;\n default:\n return createApiErrorResponse('INVALID_TOKEN_NAME', 'Invalid token name. Must be one of: idToken, sessionToken, refreshToken, customToken', 400);\n }\n\n if (!cookieValue) {\n return createApiErrorResponse(\n 'TOKEN_NOT_FOUND',\n `${tokenName} not found in httpOnly cookies`,\n 404\n );\n }\n\n return createApiSuccessResponse({\n token: cookieValue,\n });\n } catch (error) {\n return createApiErrorResponse('COOKIE_RETRIEVAL_FAILED', 'Failed to retrieve cookie', 500);\n }\n };\n\n switch (subEndpoint) {\n case 'get':\n return handleGetCookie();\n default:\n return HttpResponseHelper.createNotFoundResponse();\n }\n };\n\n switch (method) {\n case 'GET':\n return CookieGetHandler(subEndpoint as CookieSubEndpoint);\n default:\n return HttpResponseHelper.createMethodNotAllowedResponse();\n }\n}\n\nexport { sessionEndpointHandler, cookieEndpointHandler };\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,qBAA0B;AAC1B,mBAAmC;AACnC,iBAAuC;AAGvC,+BAAgC;AAEhC,0BAAiC;AACjC,qBAAyC;AACzC,uBAA4G;AAG5G,eAAe,uBACb,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,QAAQ,SAAS,IAAI;AAE1C,QAAM,iBAAa,sCAAiB,OAAO;AAE3C,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,iCAAiC,GAAG;AAAA,EAC7F;AAEA,QAAM,iBAAiB,OAAO,WAAW;AACzC,QAAM,oBAAoB,gBAAgB,eAAe,WAAW;AAEpE,sBAAoB,aAAa,iBAAiB;AAElD,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,oBAAoB,OAAOA,iBAAuD;AACtF,UAAM,sBAAsB,YAA+B;AACzD,UAAI;AACF,cAAM,gBAAgB,QAAQ;AAC9B,YAAI,CAAC,eAAe;AAClB,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,cAAM,EAAE,MAAM,gBAAgB,OAAO,QAAI,mCAAuB,aAAa;AAC7E,YAAI,QAAQ;AACV,iBAAO,uCAAsB,2BAA2B;AAAA,QAC1D;AAEA,eAAO,uCAAsB,2BAA2B,cAAc;AAAA,MACxE,SAAS,OAAO;AACd,eAAO,uCAAsB,2BAA2B;AAAA,MAC1D;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,oBAAoB;AAAA,MAC7B;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,QAAM,qBAAqB,OAAOA,iBAAuD;AACvF,UAAM,cAAc,IAAI,yCAAgB;AAExC,UAAM,EAAE,SAAS,WAAW,MAAM,IAAI,MAAM,uBAAuB;AACnE,QAAI,MAAO,QAAO;AAElB,UAAM,kBAAkB,MAAM,YAAY,IAAI,yBAAU,QAAQ,SAAS;AACzE,sBAAkB,aAAa,IAAI,gBAAgB,KAAK;AAExD,UAAM,sBAAsB,OAC1BC,cACAC,aACsB;AACtB,UAAI;AACF,kBAAM,yCAAyBA,UAASD,cAAa,QAAQ,QAAQ;AACrE,eAAO,uCAAsB,8BAA8B;AAAA,UACzD,SAAS;AAAA,UACT,SAAS;AAAA,QACX,CAAC;AAAA,MACH,SAASE,QAAO;AACd,mBAAO,yCAAuB,2BAA2B,2BAA2B,GAAG;AAAA,MACzF;AAAA,IACF;AAEA,UAAM,uBAAuB,OAC3BF,cACAC,aACsB;AACtB,UAAI;AACF,cAAM,qBAAiB,mCAAuBA,QAAO;AACrD,YAAI,eAAe,QAAQ;AACzB,qBAAO,yCAAuB,mBAAmB,+BAA+B,GAAG;AAAA,QACrF;AAEA,cAAM,aAAa,UAAM,yCAAyBA,UAASD,cAAa,MAAM;AAC9E,eAAO,uCAAsB,sBAAsB,UAAU;AAAA,MAC/D,SAASE,QAAO;AACd,mBAAO,yCAAuB,kBAAkB,0BAA0B,GAAG;AAAA,MAC/E;AAAA,IACF;AAEA,UAAM,sBAAsB,OAAOF,iBAAoD;AACrF,YAAM,MAAM,UAAM,iCAAmBA,YAAW;AAChD,aAAO,uCAAsB,qBAAqB,GAAG;AAAA,IACvD;AAEA,YAAQD,cAAa;AAAA,MACnB,KAAK,iBAAiB;AACpB,wBAAgB,OAAO;AAEvB,eAAO,oBAAoB,aAAa,OAAQ;AAAA,MAClD;AAAA,MAEA,KAAK;AAEH,eAAO,qBAAqB,aAAa,OAAQ;AAAA,MAEnD,KAAK;AACH,eAAO,oBAAoB,WAAW;AAAA,MAExC;AACE,eAAO,oCAAmB,sCAAsC;AAAA,IACpE;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,kBAAkB,WAAW;AAAA,IAEtC,KAAK;AACH,aAAO,mBAAmB,WAAW;AAAA,IAEvC;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;AAEA,eAAe,sBACb,SACA,QACmB;AACnB,QAAM,EAAE,aAAa,OAAO,IAAI;AAEhC,QAAM,iBAAa,sCAAiB,OAAO;AAC3C,QAAM,EAAE,iBAAiB,IAAI;AAE7B,MAAI,CAAC,aAAa;AAChB,eAAO,yCAAuB,yBAAyB,gCAAgC,GAAG;AAAA,EAC5F;AAEA,QAAM,gBAAgB,OAAO,WAAW;AACxC,QAAM,oBAAoB,eAAe,eAAe,WAAgC;AAExF,MAAI,CAAC,qBAAqB,CAAC,kBAAkB,SAAS;AACpD,eAAO,yCAAuB,sBAAsB,yCAAyC,GAAG;AAAA,EAClG;AAEA,MAAI,mBAAmB,UAAU;AAC/B,UAAM,iBAAiB,kBAAkB,QAAQ;AAAA,EACnD;AAEA,QAAM,mBAAmB,OAAOA,iBAAsD;AACpF,UAAM,kBAAkB,YAA+B;AACrD,UAAI;AACF,cAAM,MAAM,IAAI,IAAI,QAAQ,OAAO;AACnC,cAAM,YAAY,IAAI,aAAa,IAAI,WAAW;AAElD,YAAI,CAAC,WAAW;AACd,qBAAO,yCAAuB,uBAAuB,yCAAyC,GAAG;AAAA,QACnG;AAEA,YAAI;AAEJ,gBAAQ,WAAW;AAAA,UACjB,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF,KAAK;AACH,0BAAc,QAAQ;AACtB;AAAA,UACF;AACE,uBAAO,yCAAuB,sBAAsB,wFAAwF,GAAG;AAAA,QACnJ;AAEA,YAAI,CAAC,aAAa;AAChB,qBAAO;AAAA,YACL;AAAA,YACA,GAAG,SAAS;AAAA,YACZ;AAAA,UACF;AAAA,QACF;AAEA,mBAAO,2CAAyB;AAAA,UAC9B,OAAO;AAAA,QACT,CAAC;AAAA,MACH,SAAS,OAAO;AACd,mBAAO,yCAAuB,2BAA2B,6BAA6B,GAAG;AAAA,MAC3F;AAAA,IACF;AAEA,YAAQA,cAAa;AAAA,MACnB,KAAK;AACH,eAAO,gBAAgB;AAAA,MACzB;AACE,eAAO,oCAAmB,uBAAuB;AAAA,IACrD;AAAA,EACF;AAEA,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,aAAO,iBAAiB,WAAgC;AAAA,IAC1D;AACE,aAAO,oCAAmB,+BAA+B;AAAA,EAC7D;AACF;","names":["subEndpoint","cookieStore","idToken","error"]}
|
|
@@ -19,13 +19,14 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
|
|
|
19
19
|
var types_exports = {};
|
|
20
20
|
__export(types_exports, {
|
|
21
21
|
CookieUtils: () => CookieUtils,
|
|
22
|
-
DEFAULT_COOKIE_OPTIONS: () => DEFAULT_COOKIE_OPTIONS,
|
|
23
22
|
DEFAULT_COOKIE_REQUEST_CONFIG: () => DEFAULT_COOKIE_REQUEST_CONFIG,
|
|
24
23
|
DEFAULT_CORS_OPTIONS: () => DEFAULT_CORS_OPTIONS,
|
|
25
24
|
DEFAULT_ENDPOINT_CONFIG: () => DEFAULT_ENDPOINT_CONFIG,
|
|
26
25
|
DEFAULT_HANDLER_OPTIONS: () => DEFAULT_HANDLER_OPTIONS,
|
|
26
|
+
DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS: () => DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS,
|
|
27
27
|
DEFAULT_SECURITY_OPTIONS: () => DEFAULT_SECURITY_OPTIONS,
|
|
28
28
|
DEFAULT_SESSIONS_CONFIG: () => DEFAULT_SESSIONS_CONFIG,
|
|
29
|
+
DEFAULT_SESSION_COOKIE_OPTIONS: () => DEFAULT_SESSION_COOKIE_OPTIONS,
|
|
29
30
|
FIXED_TOKEN_CONFIGS: () => FIXED_TOKEN_CONFIGS
|
|
30
31
|
});
|
|
31
32
|
module.exports = __toCommonJS(types_exports);
|
|
@@ -37,7 +38,16 @@ const DEFAULT_CORS_OPTIONS = {
|
|
|
37
38
|
maxAge: 86400
|
|
38
39
|
// 24 hours
|
|
39
40
|
};
|
|
40
|
-
const
|
|
41
|
+
const DEFAULT_SESSION_COOKIE_OPTIONS = {
|
|
42
|
+
httpOnly: true,
|
|
43
|
+
path: "/",
|
|
44
|
+
secure: process.env.NODE_ENV === "production",
|
|
45
|
+
sameSite: "strict",
|
|
46
|
+
maxAge: 12 * 60 * 60 * 24,
|
|
47
|
+
// twelve days
|
|
48
|
+
priority: "high"
|
|
49
|
+
};
|
|
50
|
+
const DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS = {
|
|
41
51
|
httpOnly: true,
|
|
42
52
|
path: "/",
|
|
43
53
|
secure: process.env.NODE_ENV === "production",
|
|
@@ -146,7 +156,7 @@ const DEFAULT_SESSIONS_CONFIG = {
|
|
|
146
156
|
};
|
|
147
157
|
const DEFAULT_HANDLER_OPTIONS = {
|
|
148
158
|
cors: DEFAULT_CORS_OPTIONS,
|
|
149
|
-
cookies:
|
|
159
|
+
cookies: DEFAULT_SESSION_COOKIE_OPTIONS,
|
|
150
160
|
rateLimit: {
|
|
151
161
|
windowMs: 15 * 60 * 1e3,
|
|
152
162
|
// 15 minutes
|
|
@@ -180,13 +190,11 @@ class CookieUtils {
|
|
|
180
190
|
};
|
|
181
191
|
}
|
|
182
192
|
static getSessionConfig(cookieOptions) {
|
|
183
|
-
const sessionConfig = cookieOptions.session || {};
|
|
184
|
-
const defaultSession = DEFAULT_COOKIE_OPTIONS.session || {};
|
|
185
193
|
return {
|
|
186
|
-
path:
|
|
187
|
-
httpOnly:
|
|
188
|
-
sameSite:
|
|
189
|
-
maxAge:
|
|
194
|
+
path: cookieOptions.path ?? "/",
|
|
195
|
+
httpOnly: cookieOptions.httpOnly ?? true,
|
|
196
|
+
sameSite: cookieOptions.sameSite ?? "lax",
|
|
197
|
+
maxAge: cookieOptions.maxAge ?? 3600 * 24 * 7
|
|
190
198
|
};
|
|
191
199
|
}
|
|
192
200
|
static getFixedTokenConfig(tokenType) {
|
|
@@ -207,13 +215,14 @@ class CookieUtils {
|
|
|
207
215
|
// Annotate the CommonJS export names for ESM import in node:
|
|
208
216
|
0 && (module.exports = {
|
|
209
217
|
CookieUtils,
|
|
210
|
-
DEFAULT_COOKIE_OPTIONS,
|
|
211
218
|
DEFAULT_COOKIE_REQUEST_CONFIG,
|
|
212
219
|
DEFAULT_CORS_OPTIONS,
|
|
213
220
|
DEFAULT_ENDPOINT_CONFIG,
|
|
214
221
|
DEFAULT_HANDLER_OPTIONS,
|
|
222
|
+
DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS,
|
|
215
223
|
DEFAULT_SECURITY_OPTIONS,
|
|
216
224
|
DEFAULT_SESSIONS_CONFIG,
|
|
225
|
+
DEFAULT_SESSION_COOKIE_OPTIONS,
|
|
217
226
|
FIXED_TOKEN_CONFIGS
|
|
218
227
|
});
|
|
219
228
|
//# sourceMappingURL=types.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/admin/types.ts"],"sourcesContent":["import type {\n AuthEndpoint,\n CookieEndpointConfig,\n CookieOpts as CookieOptions,\n CorsOptions,\n EndpointConfig,\n SecurityOptions,\n SessionEndpointConfig,\n SessionSubEndpoint,\n TernSecureHandlerOptions,\n TokenCookieConfig,\n} from '@tern-secure/types';\nimport { type NextResponse } from 'next/server';\n\nexport const DEFAULT_CORS_OPTIONS: CorsOptions = {\n allowedOrigins: [],\n allowedMethods: ['GET', 'POST'],\n allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],\n allowCredentials: true,\n maxAge: 86400, // 24 hours\n};\n\nexport const
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/admin/types.ts"],"sourcesContent":["import type {\n AuthEndpoint,\n CookieEndpointConfig,\n CookieOpts as CookieOptions,\n CorsOptions,\n EndpointConfig,\n SecurityOptions,\n SessionEndpointConfig,\n SessionSubEndpoint,\n TernSecureHandlerOptions,\n TokenCookieConfig,\n} from '@tern-secure/types';\nimport { type NextResponse } from 'next/server';\n\nexport const DEFAULT_CORS_OPTIONS: CorsOptions = {\n allowedOrigins: [],\n allowedMethods: ['GET', 'POST'],\n allowedHeaders: ['Content-Type', 'Authorization', 'X-Requested-With'],\n allowCredentials: true,\n maxAge: 86400, // 24 hours\n};\n\nexport const DEFAULT_SESSION_COOKIE_OPTIONS: CookieOptions = {\n httpOnly: true,\n path: '/',\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 12 * 60 * 60 * 24, // twelve days\n priority: 'high',\n};\n\nexport const DEFAULT_ID_REFRESH_TOKEN_COOKIE_OPTIONS: CookieOptions = {\n httpOnly: true,\n path: '/',\n secure: process.env.NODE_ENV === 'production',\n sameSite: 'strict',\n maxAge: 12 * 60 * 60 * 24, // twelve days\n priority: 'high',\n};\n\n\nexport const FIXED_TOKEN_CONFIGS = {\n id: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600, // 1 hour\n },\n refresh: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 30, // 30 days (changes when user events occur)\n },\n signature: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n custom: {\n path: '/',\n httpOnly: true,\n sameSite: 'lax' as const,\n maxAge: 3600 * 24 * 7, // 1 week (as needed)\n },\n} as const;\n\nexport const DEFAULT_SECURITY_OPTIONS: SecurityOptions = {\n requireCSRF: true,\n allowedReferers: [],\n requiredHeaders: {},\n ipWhitelist: [],\n userAgent: {\n block: [],\n allow: [],\n },\n};\n\nexport const DEFAULT_ENDPOINT_CONFIG: EndpointConfig = {\n enabled: true,\n methods: ['GET', 'POST'],\n requireAuth: false,\n security: DEFAULT_SECURITY_OPTIONS,\n};\n\nexport const DEFAULT_COOKIE_REQUEST_CONFIG: CookieEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n get: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n },\n};\n\nexport const DEFAULT_SESSIONS_CONFIG: SessionEndpointConfig = {\n ...DEFAULT_ENDPOINT_CONFIG,\n subEndpoints: {\n verify: {\n enabled: true,\n methods: ['GET'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n allowedReferers: [],\n },\n },\n createsession: {\n enabled: true,\n methods: ['POST'],\n requireAuth: false,\n security: {\n requireCSRF: true,\n },\n },\n refresh: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n revoke: {\n enabled: true,\n methods: ['POST'],\n requireAuth: true,\n security: {\n requireCSRF: true,\n },\n },\n },\n};\n\nexport const DEFAULT_HANDLER_OPTIONS: Required<TernSecureHandlerOptions> & {\n endpoints: Required<NonNullable<TernSecureHandlerOptions['endpoints']>>;\n} = {\n cors: DEFAULT_CORS_OPTIONS,\n cookies: DEFAULT_SESSION_COOKIE_OPTIONS,\n rateLimit: {\n windowMs: 15 * 60 * 1000, // 15 minutes\n maxRequests: 100,\n skipSuccessful: false,\n skipFailedRequests: false,\n },\n security: DEFAULT_SECURITY_OPTIONS,\n endpoints: {\n cookies: DEFAULT_COOKIE_REQUEST_CONFIG,\n sessions: DEFAULT_SESSIONS_CONFIG,\n },\n tenantId: '',\n revokeRefreshTokensOnSignOut: true,\n enableCustomToken: false,\n debug: false,\n environment: 'production',\n basePath: '/api/auth',\n};\n\nexport interface ValidationResult {\n error?: NextResponse;\n data?: any;\n}\n\nexport interface ValidationConfig {\n cors?: CorsOptions;\n security?: SecurityOptions;\n endpoint?: {\n name: AuthEndpoint;\n config: EndpointConfig;\n };\n subEndpoint?: {\n name: SessionSubEndpoint;\n config: EndpointConfig;\n };\n requireIdToken?: boolean;\n requireCsrfToken?: boolean;\n}\n\nexport interface ComprehensiveValidationResult {\n isValid: boolean;\n error?: Response;\n corsResponse?: Response;\n sessionData?: {\n body: any;\n idToken?: string;\n csrfToken?: string;\n };\n}\n\nexport type suffix = 'session' | 'id' | 'refresh' | 'signature' | 'custom';\n\nexport class CookieUtils {\n static getCookieName(namePrefix: string, tokenType: suffix): string {\n return `${namePrefix}.${tokenType}`;\n }\n\n static getCookieNames(namePrefix: string) {\n return {\n session: this.getCookieName(namePrefix, 'session'),\n id: this.getCookieName(namePrefix, 'id'),\n refresh: this.getCookieName(namePrefix, 'refresh'),\n signature: this.getCookieName(namePrefix, 'signature'),\n custom: this.getCookieName(namePrefix, 'custom'),\n };\n }\n\n static getSessionConfig(cookieOptions: CookieOptions): TokenCookieConfig {\n return {\n path: cookieOptions.path ?? '/',\n httpOnly: cookieOptions.httpOnly ?? true,\n sameSite: cookieOptions.sameSite ?? 'lax',\n maxAge: cookieOptions.maxAge ?? 3600 * 24 * 7,\n };\n }\n\n static getFixedTokenConfig(\n tokenType: Exclude<suffix, 'session'>,\n ): TokenCookieConfig {\n const fixedConfig = FIXED_TOKEN_CONFIGS[tokenType];\n\n return {\n path: fixedConfig.path,\n httpOnly: fixedConfig.httpOnly,\n sameSite: fixedConfig.sameSite,\n maxAge: fixedConfig.maxAge,\n };\n }\n\n static validateSessionMaxAge(maxAge: number): boolean {\n const minAge = 300; // 5 minutes\n const maxAgeLimit = 3600 * 24 * 14; // 2 weeks\n return maxAge >= minAge && maxAge <= maxAgeLimit;\n }\n}\n\nexport {\n AuthEndpoint,\n CookieOptions,\n CorsOptions,\n SecurityOptions,\n SessionSubEndpoint,\n EndpointConfig,\n SessionEndpointConfig,\n TernSecureHandlerOptions,\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcO,MAAM,uBAAoC;AAAA,EAC/C,gBAAgB,CAAC;AAAA,EACjB,gBAAgB,CAAC,OAAO,MAAM;AAAA,EAC9B,gBAAgB,CAAC,gBAAgB,iBAAiB,kBAAkB;AAAA,EACpE,kBAAkB;AAAA,EAClB,QAAQ;AAAA;AACV;AAEO,MAAM,iCAAgD;AAAA,EAC3D,UAAU;AAAA,EACV,MAAM;AAAA,EACN,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AAAA,EACV,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,EACvB,UAAU;AACZ;AAEO,MAAM,0CAAyD;AAAA,EACpE,UAAU;AAAA,EACV,MAAM;AAAA,EACN,QAAQ,QAAQ,IAAI,aAAa;AAAA,EACjC,UAAU;AAAA,EACV,QAAQ,KAAK,KAAK,KAAK;AAAA;AAAA,EACvB,UAAU;AACZ;AAGO,MAAM,sBAAsB;AAAA,EACjC,IAAI;AAAA,IACF,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ;AAAA;AAAA,EACV;AAAA,EACA,SAAS;AAAA,IACP,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,WAAW;AAAA,IACT,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AAAA,EACA,QAAQ;AAAA,IACN,MAAM;AAAA,IACN,UAAU;AAAA,IACV,UAAU;AAAA,IACV,QAAQ,OAAO,KAAK;AAAA;AAAA,EACtB;AACF;AAEO,MAAM,2BAA4C;AAAA,EACvD,aAAa;AAAA,EACb,iBAAiB,CAAC;AAAA,EAClB,iBAAiB,CAAC;AAAA,EAClB,aAAa,CAAC;AAAA,EACd,WAAW;AAAA,IACT,OAAO,CAAC;AAAA,IACR,OAAO,CAAC;AAAA,EACV;AACF;AAEO,MAAM,0BAA0C;AAAA,EACrD,SAAS;AAAA,EACT,SAAS,CAAC,OAAO,MAAM;AAAA,EACvB,aAAa;AAAA,EACb,UAAU;AACZ;AAEO,MAAM,gCAAsD;AAAA,EACjE,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,KAAK;AAAA,MACH,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,0BAAiD;AAAA,EAC5D,GAAG;AAAA,EACH,cAAc;AAAA,IACZ,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,KAAK;AAAA,MACf,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,QACb,iBAAiB,CAAC;AAAA,MACpB;AAAA,IACF;AAAA,IACA,eAAe;AAAA,MACb,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,SAAS;AAAA,MACP,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,IACA,QAAQ;AAAA,MACN,SAAS;AAAA,MACT,SAAS,CAAC,MAAM;AAAA,MAChB,aAAa;AAAA,MACb,UAAU;AAAA,QACR,aAAa;AAAA,MACf;AAAA,IACF;AAAA,EACF;AACF;AAEO,MAAM,0BAET;AAAA,EACF,MAAM;AAAA,EACN,SAAS;AAAA,EACT,WAAW;AAAA,IACT,UAAU,KAAK,KAAK;AAAA;AAAA,IACpB,aAAa;AAAA,IACb,gBAAgB;AAAA,IAChB,oBAAoB;AAAA,EACtB;AAAA,EACA,UAAU;AAAA,EACV,WAAW;AAAA,IACT,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AAAA,EACA,UAAU;AAAA,EACV,8BAA8B;AAAA,EAC9B,mBAAmB;AAAA,EACnB,OAAO;AAAA,EACP,aAAa;AAAA,EACb,UAAU;AACZ;AAmCO,MAAM,YAAY;AAAA,EACvB,OAAO,cAAc,YAAoB,WAA2B;AAClE,WAAO,GAAG,UAAU,IAAI,SAAS;AAAA,EACnC;AAAA,EAEA,OAAO,eAAe,YAAoB;AACxC,WAAO;AAAA,MACL,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,IAAI,KAAK,cAAc,YAAY,IAAI;AAAA,MACvC,SAAS,KAAK,cAAc,YAAY,SAAS;AAAA,MACjD,WAAW,KAAK,cAAc,YAAY,WAAW;AAAA,MACrD,QAAQ,KAAK,cAAc,YAAY,QAAQ;AAAA,IACjD;AAAA,EACF;AAAA,EAEA,OAAO,iBAAiB,eAAiD;AACvE,WAAO;AAAA,MACL,MAAM,cAAc,QAAQ;AAAA,MAC5B,UAAU,cAAc,YAAY;AAAA,MACpC,UAAU,cAAc,YAAY;AAAA,MACpC,QAAQ,cAAc,UAAU,OAAO,KAAK;AAAA,IAC9C;AAAA,EACF;AAAA,EAEA,OAAO,oBACL,WACmB;AACnB,UAAM,cAAc,oBAAoB,SAAS;AAEjD,WAAO;AAAA,MACL,MAAM,YAAY;AAAA,MAClB,UAAU,YAAY;AAAA,MACtB,UAAU,YAAY;AAAA,MACtB,QAAQ,YAAY;AAAA,IACtB;AAAA,EACF;AAAA,EAEA,OAAO,sBAAsB,QAAyB;AACpD,UAAM,SAAS;AACf,UAAM,cAAc,OAAO,KAAK;AAChC,WAAO,UAAU,UAAU,UAAU;AAAA,EACvC;AACF;","names":[]}
|
|
@@ -41,7 +41,7 @@ var import_TernSecureProvider = require("../client/TernSecureProvider");
|
|
|
41
41
|
var import_utils = require("./utils");
|
|
42
42
|
const getTernSecureState = import_react.default.cache(async function getTernSecureState2() {
|
|
43
43
|
const request = await (0, import_utils.buildRequestLike)();
|
|
44
|
-
const data = (0, import_getAuthDataFromRequest.
|
|
44
|
+
const data = (0, import_getAuthDataFromRequest.getTernSecureAuthData)(request);
|
|
45
45
|
return data;
|
|
46
46
|
});
|
|
47
47
|
async function TernSecureProvider(props) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/server/TernSecureProvider.tsx"],"sourcesContent":["import type { TernSecureInitialState } from '@tern-secure/types';\nimport type { ReactNode } from 'react';\nimport React from 'react';\n\nimport { PromiseAuthProvider } from '../../boundary/PromiseAuthProvider';\nimport {
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/server/TernSecureProvider.tsx"],"sourcesContent":["import type { TernSecureInitialState } from '@tern-secure/types';\nimport type { ReactNode } from 'react';\nimport React from 'react';\n\nimport { PromiseAuthProvider } from '../../boundary/PromiseAuthProvider';\nimport { getTernSecureAuthData } from '../../server/data/getAuthDataFromRequest';\nimport { isNext13 } from '../../server/sdk-versions';\nimport type { TernSecureNextProps } from '../../types';\nimport { allNextProviderPropsWithEnv } from '../../utils/allNextProviderProps';\nimport { ClientTernSecureProvider } from '../client/TernSecureProvider';\nimport { buildRequestLike } from './utils';\n\nconst getTernSecureState = React.cache(async function getTernSecureState() {\n const request = await buildRequestLike();\n const data = getTernSecureAuthData(request);\n return data;\n});\n\nexport async function TernSecureProvider(props: TernSecureNextProps) {\n const { children, ...rest } = props;\n const { persistence } = rest;\n\n const browserCookiePersistence = persistence === 'browserCookie';\n\n async function generateStatePromise() {\n if (!browserCookiePersistence) {\n return Promise.resolve(undefined);\n }\n if (isNext13) {\n return Promise.resolve(await getTernSecureState());\n }\n return getTernSecureState();\n }\n\n const providerProps = allNextProviderPropsWithEnv({ ...rest });\n\n let output: ReactNode;\n\n if (browserCookiePersistence) {\n output = (\n <PromiseAuthProvider\n authPromise={generateStatePromise() as unknown as Promise<TernSecureInitialState>}\n >\n <ClientTernSecureProvider\n {...providerProps}\n initialState={await generateStatePromise()}\n >\n {children}\n </ClientTernSecureProvider>\n </PromiseAuthProvider>\n );\n } else {\n output = (\n <ClientTernSecureProvider\n {...providerProps}\n >\n {children}\n </ClientTernSecureProvider>\n );\n }\n\n return output;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AA2CQ;AAzCR,mBAAkB;AAElB,iCAAoC;AACpC,oCAAsC;AACtC,0BAAyB;AAEzB,kCAA4C;AAC5C,gCAAyC;AACzC,mBAAiC;AAEjC,MAAM,qBAAqB,aAAAA,QAAM,MAAM,eAAeC,sBAAqB;AACzE,QAAM,UAAU,UAAM,+BAAiB;AACvC,QAAM,WAAO,qDAAsB,OAAO;AAC1C,SAAO;AACT,CAAC;AAED,eAAsB,mBAAmB,OAA4B;AACnE,QAAM,EAAE,UAAU,GAAG,KAAK,IAAI;AAC9B,QAAM,EAAE,YAAY,IAAI;AAExB,QAAM,2BAA2B,gBAAgB;AAEjD,iBAAe,uBAAuB;AACpC,QAAI,CAAC,0BAA0B;AAC7B,aAAO,QAAQ,QAAQ,MAAS;AAAA,IAClC;AACA,QAAI,8BAAU;AACZ,aAAO,QAAQ,QAAQ,MAAM,mBAAmB,CAAC;AAAA,IACnD;AACA,WAAO,mBAAmB;AAAA,EAC5B;AAEA,QAAM,oBAAgB,yDAA4B,EAAE,GAAG,KAAK,CAAC;AAE7D,MAAI;AAEJ,MAAI,0BAA0B;AAC5B,aACE;AAAA,MAAC;AAAA;AAAA,QACC,aAAa,qBAAqB;AAAA,QAElC;AAAA,UAAC;AAAA;AAAA,YACE,GAAG;AAAA,YACJ,cAAc,MAAM,qBAAqB;AAAA,YAExC;AAAA;AAAA,QACH;AAAA;AAAA,IACF;AAAA,EAEJ,OAAO;AACL,aACE;AAAA,MAAC;AAAA;AAAA,QACE,GAAG;AAAA,QAEH;AAAA;AAAA,IACH;AAAA,EAEJ;AAEA,SAAO;AACT;","names":["React","getTernSecureState"]}
|
|
@@ -30,7 +30,7 @@ var import_protect = require("../../server/protect");
|
|
|
30
30
|
var import_utils = require("./utils");
|
|
31
31
|
const createAuthObject = () => {
|
|
32
32
|
return async (req) => {
|
|
33
|
-
return (0, import_getAuthDataFromRequest.
|
|
33
|
+
return (0, import_getAuthDataFromRequest.getAuthDataFromRequest)(req);
|
|
34
34
|
};
|
|
35
35
|
};
|
|
36
36
|
const auth = async () => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["import type { AuthObject, RedirectFun } from '@tern-secure/backend';\r\nimport { createRedirect, createTernSecureRequest } from '@tern-secure/backend';\r\nimport { notFound, redirect } from 'next/navigation';\r\n\r\nimport { SIGN_IN_URL, SIGN_UP_URL } from '../../server/constant';\r\nimport { type Aobj,
|
|
1
|
+
{"version":3,"sources":["../../../../src/app-router/server/auth.ts"],"sourcesContent":["import type { AuthObject, RedirectFun } from '@tern-secure/backend';\r\nimport { createRedirect, createTernSecureRequest } from '@tern-secure/backend';\r\nimport { notFound, redirect } from 'next/navigation';\r\n\r\nimport { SIGN_IN_URL, SIGN_UP_URL } from '../../server/constant';\r\nimport { type Aobj, getAuthDataFromRequest } from '../../server/data/getAuthDataFromRequest';\r\nimport { getAuthKeyFromRequest } from '../../server/headers-utils';\r\nimport { type AuthProtect, createProtect } from '../../server/protect';\r\nimport type { BaseUser, RequestLike } from '../../server/types';\r\nimport { buildRequestLike } from './utils';\r\n\r\n/**\r\n * @deprecated will be removed in future versions.\r\n*/\r\nexport interface AuthResult {\r\n user: BaseUser | null;\r\n error: Error | null;\r\n}\r\n\r\n/**\r\n * `Auth` object of the currently active user and the `redirectToSignIn()` method.\r\n */\r\ntype Auth = AuthObject & Aobj & {\r\n redirectToSignIn: RedirectFun<ReturnType<typeof redirect>>;\r\n redirectToSignUp: RedirectFun<ReturnType<typeof redirect>>;\r\n};\r\n\r\nexport interface AuthFn {\r\n (): Promise<Auth>;\r\n\r\n protect: AuthProtect;\r\n}\r\n\r\nconst createAuthObject = () => {\r\n return async (req: RequestLike) => {\r\n return getAuthDataFromRequest(req);\r\n };\r\n};\r\n\r\n/**\r\n * Get the current authenticated user from the session or token\r\n */\r\nexport const auth: AuthFn = async () => {\r\n // eslint-disable-next-line @typescript-eslint/no-require-imports\r\n require('server-only');\r\n\r\n const request = await buildRequestLike();\r\n\r\n const authObject = await createAuthObject()(request);\r\n\r\n const ternUrl = getAuthKeyFromRequest(request, 'TernSecureUrl');\r\n\r\n const createRedirectForRequest = (...args: Parameters<RedirectFun<never>>) => {\r\n const { returnBackUrl } = args[0] || {};\r\n const ternSecureRequest = createTernSecureRequest(request);\r\n\r\n return [\r\n createRedirect({\r\n redirectAdapter: redirect,\r\n baseUrl: ternSecureRequest.ternUrl.toString(),\r\n signInUrl: SIGN_IN_URL,\r\n signUpUrl: SIGN_UP_URL,\r\n }),\r\n returnBackUrl === null ? '' : returnBackUrl || ternUrl?.toString(),\r\n ] as const;\r\n };\r\n\r\n const redirectToSignIn: RedirectFun<never> = (opts = {}) => {\r\n const [r, returnBackUrl] = createRedirectForRequest(opts);\r\n return r.redirectToSignIn({\r\n returnBackUrl,\r\n });\r\n };\r\n\r\n const redirectToSignUp: RedirectFun<never> = (opts = {}) => {\r\n const [r, returnBackUrl] = createRedirectForRequest(opts);\r\n return r.redirectToSignUp({\r\n returnBackUrl,\r\n });\r\n };\r\n\r\n return Object.assign(authObject, { redirectToSignIn, redirectToSignUp });\r\n};\r\n\r\nauth.protect = async (...args: any[]) => {\r\n // eslint-disable-next-line @typescript-eslint/no-require-imports\r\n require('server-only');\r\n\r\n const request = await buildRequestLike();\r\n const authObject = await auth();\r\n\r\n const protect = createProtect({\r\n request,\r\n authObject,\r\n redirectToSignIn: authObject.redirectToSignIn,\r\n notFound,\r\n redirect,\r\n });\r\n\r\n return protect(...args);\r\n};\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAAwD;AACxD,wBAAmC;AAEnC,sBAAyC;AACzC,oCAAkD;AAClD,2BAAsC;AACtC,qBAAgD;AAEhD,mBAAiC;AAwBjC,MAAM,mBAAmB,MAAM;AAC7B,SAAO,OAAO,QAAqB;AACjC,eAAO,sDAAuB,GAAG;AAAA,EACnC;AACF;AAKO,MAAM,OAAe,YAAY;AAEtC,UAAQ,aAAa;AAErB,QAAM,UAAU,UAAM,+BAAiB;AAEvC,QAAM,aAAa,MAAM,iBAAiB,EAAE,OAAO;AAEnD,QAAM,cAAU,4CAAsB,SAAS,eAAe;AAE9D,QAAM,2BAA2B,IAAI,SAAyC;AAC5E,UAAM,EAAE,cAAc,IAAI,KAAK,CAAC,KAAK,CAAC;AACtC,UAAM,wBAAoB,wCAAwB,OAAO;AAEzD,WAAO;AAAA,UACL,+BAAe;AAAA,QACb,iBAAiB;AAAA,QACjB,SAAS,kBAAkB,QAAQ,SAAS;AAAA,QAC5C,WAAW;AAAA,QACX,WAAW;AAAA,MACb,CAAC;AAAA,MACD,kBAAkB,OAAO,KAAK,iBAAiB,SAAS,SAAS;AAAA,IACnE;AAAA,EACF;AAEA,QAAM,mBAAuC,CAAC,OAAO,CAAC,MAAM;AAC1D,UAAM,CAAC,GAAG,aAAa,IAAI,yBAAyB,IAAI;AACxD,WAAO,EAAE,iBAAiB;AAAA,MACxB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,QAAM,mBAAuC,CAAC,OAAO,CAAC,MAAM;AAC1D,UAAM,CAAC,GAAG,aAAa,IAAI,yBAAyB,IAAI;AACxD,WAAO,EAAE,iBAAiB;AAAA,MACxB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO,OAAO,OAAO,YAAY,EAAE,kBAAkB,iBAAiB,CAAC;AACzE;AAEA,KAAK,UAAU,UAAU,SAAgB;AAEvC,UAAQ,aAAa;AAErB,QAAM,UAAU,UAAM,+BAAiB;AACvC,QAAM,aAAa,MAAM,KAAK;AAE9B,QAAM,cAAU,8BAAc;AAAA,IAC5B;AAAA,IACA;AAAA,IACA,kBAAkB,WAAW;AAAA,IAC7B;AAAA,IACA;AAAA,EACF,CAAC;AAED,SAAO,QAAQ,GAAG,IAAI;AACxB;","names":[]}
|
package/dist/cjs/index.js
CHANGED
|
@@ -21,7 +21,6 @@ __export(index_exports, {
|
|
|
21
21
|
SignInProvider: () => import_components.SignInProvider,
|
|
22
22
|
SignUpProvider: () => import_components.SignUpProvider,
|
|
23
23
|
TernSecureProvider: () => import_TernSecureProvider.TernSecureProvider,
|
|
24
|
-
TernSecureProviderNode: () => import_TernSecureProviderNode.TernSecureProviderNode,
|
|
25
24
|
signIn: () => import_components.signIn,
|
|
26
25
|
useAuth: () => import_components.useAuth,
|
|
27
26
|
useIdToken: () => import_components.useIdToken,
|
|
@@ -34,14 +33,12 @@ __export(index_exports, {
|
|
|
34
33
|
});
|
|
35
34
|
module.exports = __toCommonJS(index_exports);
|
|
36
35
|
var import_TernSecureProvider = require("./app-router/server/TernSecureProvider");
|
|
37
|
-
var import_TernSecureProviderNode = require("./app-router/server/TernSecureProviderNode");
|
|
38
36
|
var import_components = require("./boundary/components");
|
|
39
37
|
// Annotate the CommonJS export names for ESM import in node:
|
|
40
38
|
0 && (module.exports = {
|
|
41
39
|
SignInProvider,
|
|
42
40
|
SignUpProvider,
|
|
43
41
|
TernSecureProvider,
|
|
44
|
-
TernSecureProviderNode,
|
|
45
42
|
signIn,
|
|
46
43
|
useAuth,
|
|
47
44
|
useIdToken,
|
package/dist/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/index.ts"],"sourcesContent":["export { TernSecureProvider } from './app-router/server/TernSecureProvider';\r\nexport {
|
|
1
|
+
{"version":3,"sources":["../../src/index.ts"],"sourcesContent":["export { TernSecureProvider } from './app-router/server/TernSecureProvider';\r\nexport {\r\n useAuth,\r\n useIdToken,\r\n useSession,\r\n useSignIn,\r\n useSignUp,\r\n signIn,\r\n useSignInContext,\r\n useSignUpContext,\r\n useTernSecure,\r\n SignInProvider,\r\n SignUpProvider,\r\n} from './boundary/components';\r\n\r\nexport type {\r\n TernSecureUser,\r\n SignInResponse,\r\n SignUpResponse,\r\n SocialProviderOptions,\r\n} from '@tern-secure/types';\r\n\r\nexport type { UserInfo, SessionResult } from './types';\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,gCAAmC;AACnC,wBAYO;","names":[]}
|
|
@@ -19,11 +19,11 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
|
|
|
19
19
|
var getAuthDataFromRequest_exports = {};
|
|
20
20
|
__export(getAuthDataFromRequest_exports, {
|
|
21
21
|
authObjectToSerializable: () => authObjectToSerializable,
|
|
22
|
-
|
|
22
|
+
authObjectToSerializableJwt: () => authObjectToSerializableJwt,
|
|
23
23
|
getAuthDataFromRequest: () => getAuthDataFromRequest,
|
|
24
|
-
|
|
24
|
+
getAuthDataFromRequestJwt: () => getAuthDataFromRequestJwt,
|
|
25
25
|
getTernSecureAuthData: () => getTernSecureAuthData,
|
|
26
|
-
|
|
26
|
+
getTernSecureAuthDataJwt: () => getTernSecureAuthDataJwt
|
|
27
27
|
});
|
|
28
28
|
module.exports = __toCommonJS(getAuthDataFromRequest_exports);
|
|
29
29
|
var import_backend = require("@tern-secure/backend");
|
|
@@ -32,15 +32,15 @@ var import_app = require("firebase/app");
|
|
|
32
32
|
var import_auth = require("firebase/auth");
|
|
33
33
|
var import_headers_utils = require("../../server/headers-utils");
|
|
34
34
|
var import_constant = require("../constant");
|
|
35
|
-
const
|
|
35
|
+
const authObjectToSerializableJwt = (obj) => {
|
|
36
36
|
const { require: require2, ...rest } = obj;
|
|
37
37
|
return rest;
|
|
38
38
|
};
|
|
39
|
-
function
|
|
40
|
-
const authObject =
|
|
39
|
+
function getTernSecureAuthDataJwt(req, initialState = {}) {
|
|
40
|
+
const authObject = getAuthDataFromRequestJwt(req);
|
|
41
41
|
return authObjectToSerializable({ ...initialState, ...authObject });
|
|
42
42
|
}
|
|
43
|
-
function
|
|
43
|
+
function getAuthDataFromRequestJwt(req) {
|
|
44
44
|
const authStatus = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthStatus");
|
|
45
45
|
const authToken = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthToken");
|
|
46
46
|
const authSignature = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthSignature");
|
|
@@ -54,15 +54,15 @@ function getAuthDataFromRequest(req) {
|
|
|
54
54
|
}
|
|
55
55
|
return authObject;
|
|
56
56
|
}
|
|
57
|
-
const
|
|
57
|
+
const authObjectToSerializable = (obj) => {
|
|
58
58
|
const { require: require2, ...rest } = obj;
|
|
59
59
|
return rest;
|
|
60
60
|
};
|
|
61
|
-
async function
|
|
62
|
-
const authObject = await
|
|
63
|
-
return
|
|
61
|
+
async function getTernSecureAuthData(req, initialState = {}) {
|
|
62
|
+
const authObject = await getAuthDataFromRequest(req);
|
|
63
|
+
return authObjectToSerializable({ ...initialState, ...authObject });
|
|
64
64
|
}
|
|
65
|
-
async function
|
|
65
|
+
async function getAuthDataFromRequest(req) {
|
|
66
66
|
const authStatus = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthStatus");
|
|
67
67
|
const authToken = (0, import_headers_utils.getAuthKeyFromRequest)(req, "AuthToken");
|
|
68
68
|
if (!authStatus || authStatus !== import_backend.AuthStatus.SignedIn) {
|
|
@@ -151,10 +151,10 @@ const authenticateRequest = async (token, request) => {
|
|
|
151
151
|
// Annotate the CommonJS export names for ESM import in node:
|
|
152
152
|
0 && (module.exports = {
|
|
153
153
|
authObjectToSerializable,
|
|
154
|
-
|
|
154
|
+
authObjectToSerializableJwt,
|
|
155
155
|
getAuthDataFromRequest,
|
|
156
|
-
|
|
156
|
+
getAuthDataFromRequestJwt,
|
|
157
157
|
getTernSecureAuthData,
|
|
158
|
-
|
|
158
|
+
getTernSecureAuthDataJwt
|
|
159
159
|
});
|
|
160
160
|
//# sourceMappingURL=getAuthDataFromRequest.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"sourcesContent":["import type { AuthObject } from '@tern-secure/backend';\nimport { AuthStatus, signedInAuthObject, signedOutAuthObject } from '@tern-secure/backend';\nimport { ternDecodeJwt } from '@tern-secure/backend/jwt';\nimport type { ParsedToken, TernSecureConfig, TernSecureUser } from '@tern-secure/types';\nimport type { FirebaseServerApp } from \"firebase/app\";\nimport { initializeServerApp } from \"firebase/app\";\nimport type { Auth } from \"firebase/auth\";\nimport { getAuth } from \"firebase/auth\";\n\nimport { getAuthKeyFromRequest } from '../../server/headers-utils';\nimport type { RequestLike } from '../../server/types';\nimport {
|
|
1
|
+
{"version":3,"sources":["../../../../src/server/data/getAuthDataFromRequest.ts"],"sourcesContent":["import type { AuthObject } from '@tern-secure/backend';\nimport { AuthStatus, signedInAuthObject, signedOutAuthObject } from '@tern-secure/backend';\nimport { ternDecodeJwt } from '@tern-secure/backend/jwt';\nimport type { ParsedToken, TernSecureConfig, TernSecureUser } from '@tern-secure/types';\nimport type { FirebaseServerApp } from \"firebase/app\";\nimport { initializeServerApp } from \"firebase/app\";\nimport type { Auth } from \"firebase/auth\";\nimport { getAuth } from \"firebase/auth\";\n\nimport { getAuthKeyFromRequest } from '../../server/headers-utils';\nimport type { RequestLike } from '../../server/types';\nimport {\n FIREBASE_API_KEY,\n FIREBASE_APP_ID,\n FIREBASE_AUTH_DOMAIN,\n FIREBASE_MEASUREMENT_ID,\n FIREBASE_MESSAGING_SENDER_ID,\n FIREBASE_PROJECT_ID,\n FIREBASE_STORAGE_BUCKET\n} from \"../constant\";\n\n\n/**\n * Auth objects moving through the server -> client boundary need to be serializable\n * as we need to ensure that they can be transferred via the network as pure strings.\n * Some frameworks like Remix or Next (/pages dir only) handle this serialization by simply\n * ignoring any non-serializable keys, however Nextjs /app directory is stricter and\n * throws an error if a non-serializable value is found.\n * @internal\n */\nexport const authObjectToSerializableJwt = <T extends Record<string, unknown>>(obj: T): T => {\n // remove any non-serializable props from the returned object\n\n const { require, ...rest } = obj as unknown as AuthObject;\n return rest as unknown as T;\n};\n\nexport function getTernSecureAuthDataJwt(req: RequestLike, initialState = {}) {\n const authObject = getAuthDataFromRequestJwt(req);\n return authObjectToSerializable({ ...initialState, ...authObject });\n}\n\nexport function getAuthDataFromRequestJwt(req: RequestLike): AuthObject {\n const authStatus = getAuthKeyFromRequest(req, 'AuthStatus');\n const authToken = getAuthKeyFromRequest(req, 'AuthToken');\n const authSignature = getAuthKeyFromRequest(req, 'AuthSignature');\n const authReason = getAuthKeyFromRequest(req, 'AuthReason');\n\n let authObject;\n if (!authStatus || authStatus !== AuthStatus.SignedIn) {\n authObject = signedOutAuthObject();\n } else {\n const jwt = ternDecodeJwt(authToken as string);\n\n authObject = signedInAuthObject(jwt.raw.text, jwt.payload);\n }\n return authObject;\n}\n\n\nexport type SerializableTernSecureUser = Omit<TernSecureUser, 'delete' | 'getIdToken' | 'getIdTokenResult' | 'reload' | 'toJSON'>;\n\nexport type Aobj = {\n user: SerializableTernSecureUser | null\n userId: string | null\n}\n\n\n// Serializable auth object type\n/**\n * Auth objects moving through the server -> client boundary need to be serializable\n * as we need to ensure that they can be transferred via the network as pure strings.\n * Some frameworks like Remix or Next (/pages dir only) handle this serialization by simply\n * ignoring any non-serializable keys, however Nextjs /app directory is stricter and\n * throws an error if a non-serializable value is found.\n * @internal\n */\nexport const authObjectToSerializable = <T extends Record<string, unknown>>(\n obj: T\n): T => {\n // remove any non-serializable props from the returned object\n\n const { require, ...rest } = obj as unknown as AuthObject;\n return rest as unknown as T;\n};\n\nexport async function getTernSecureAuthData(\n req: RequestLike,\n initialState = {}\n) {\n const authObject = await getAuthDataFromRequest(req);\n return authObjectToSerializable({ ...initialState, ...authObject });\n}\n\nexport async function getAuthDataFromRequest(req: RequestLike): Promise<AuthObject & Aobj> {\n const authStatus = getAuthKeyFromRequest(req, \"AuthStatus\");\n const authToken = getAuthKeyFromRequest(req, \"AuthToken\");\n\n if (!authStatus || authStatus !== AuthStatus.SignedIn) {\n return {\n ...signedOutAuthObject(),\n user: null,\n userId: null\n }\n }\n\n const firebaseUser = await authenticateRequest(authToken as string, req as any);\n if (!firebaseUser || !firebaseUser.claims) {\n return {\n ...signedOutAuthObject(),\n user: null,\n userId: null\n }\n }\n const { user, claims } = firebaseUser;\n const authObject = signedInAuthObject(authToken as string, claims as any);\n return {\n ...authObject,\n user: user || null,\n };\n}\n\nconst authenticateRequest = async (\n token: string,\n request: Request\n): Promise<{ user: SerializableTernSecureUser; claims: ParsedToken } | null> => {\n try {\n const origin = new URL(request.url).origin;\n\n const requestHeaders = new Headers(request.headers);\n requestHeaders.set(\"referer\", origin);\n requestHeaders.set(\"Referer\", origin);\n\n const mockRequest = {\n headers: requestHeaders,\n };\n\n const config: TernSecureConfig = {\n apiKey: FIREBASE_API_KEY,\n authDomain: FIREBASE_AUTH_DOMAIN,\n projectId: FIREBASE_PROJECT_ID,\n storageBucket: FIREBASE_STORAGE_BUCKET,\n messagingSenderId: FIREBASE_MESSAGING_SENDER_ID,\n appId: FIREBASE_APP_ID,\n measurementId: FIREBASE_MEASUREMENT_ID,\n };\n\n const firebaseServerApp: FirebaseServerApp = initializeServerApp(\n config,\n {\n authIdToken: token,\n releaseOnDeref: mockRequest,\n }\n );\n\n const auth: Auth = getAuth(firebaseServerApp);\n await auth.authStateReady();\n\n if (auth.currentUser) {\n const idTokenResult = await auth.currentUser.getIdTokenResult();\n const claims = idTokenResult.claims;\n\n const userObj: SerializableTernSecureUser = {\n uid: auth.currentUser.uid,\n email: auth.currentUser.email,\n emailVerified: auth.currentUser.emailVerified,\n displayName: auth.currentUser.displayName,\n isAnonymous: auth.currentUser.isAnonymous,\n phoneNumber: auth.currentUser.phoneNumber,\n photoURL: auth.currentUser.photoURL,\n providerId: auth.currentUser.providerId,\n tenantId: auth.currentUser.tenantId,\n refreshToken: auth.currentUser.refreshToken,\n metadata: {\n creationTime: auth.currentUser.metadata.creationTime,\n lastSignInTime: auth.currentUser.metadata.lastSignInTime,\n },\n providerData: auth.currentUser.providerData.map((provider) => ({\n uid: provider.uid,\n displayName: provider.displayName,\n email: provider.email,\n phoneNumber: provider.phoneNumber,\n photoURL: provider.photoURL,\n providerId: provider.providerId,\n })),\n };\n\n return { user: userObj, claims };\n }\n\n return null;\n } catch (error) {\n return null;\n }\n};\n\nexport { TernSecureUser }\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,qBAAoE;AACpE,iBAA8B;AAG9B,iBAAoC;AAEpC,kBAAwB;AAExB,2BAAsC;AAEtC,sBAQO;AAWA,MAAM,8BAA8B,CAAoC,QAAc;AAG3F,QAAM,EAAE,SAAAA,UAAS,GAAG,KAAK,IAAI;AAC7B,SAAO;AACT;AAEO,SAAS,yBAAyB,KAAkB,eAAe,CAAC,GAAG;AAC5E,QAAM,aAAa,0BAA0B,GAAG;AAChD,SAAO,yBAAyB,EAAE,GAAG,cAAc,GAAG,WAAW,CAAC;AACpE;AAEO,SAAS,0BAA0B,KAA8B;AACtE,QAAM,iBAAa,4CAAsB,KAAK,YAAY;AAC1D,QAAM,gBAAY,4CAAsB,KAAK,WAAW;AACxD,QAAM,oBAAgB,4CAAsB,KAAK,eAAe;AAChE,QAAM,iBAAa,4CAAsB,KAAK,YAAY;AAE1D,MAAI;AACJ,MAAI,CAAC,cAAc,eAAe,0BAAW,UAAU;AACrD,qBAAa,oCAAoB;AAAA,EACnC,OAAO;AACL,UAAM,UAAM,0BAAc,SAAmB;AAE7C,qBAAa,mCAAmB,IAAI,IAAI,MAAM,IAAI,OAAO;AAAA,EAC3D;AACA,SAAO;AACT;AAoBO,MAAM,2BAA2B,CACtC,QACM;AAGN,QAAM,EAAE,SAAAA,UAAS,GAAG,KAAK,IAAI;AAC7B,SAAO;AACT;AAEA,eAAsB,sBACpB,KACA,eAAe,CAAC,GAChB;AACA,QAAM,aAAa,MAAM,uBAAuB,GAAG;AACnD,SAAO,yBAAyB,EAAE,GAAG,cAAc,GAAG,WAAW,CAAC;AACpE;AAEA,eAAsB,uBAAuB,KAA8C;AACzF,QAAM,iBAAa,4CAAsB,KAAK,YAAY;AAC1D,QAAM,gBAAY,4CAAsB,KAAK,WAAW;AAExD,MAAI,CAAC,cAAc,eAAe,0BAAW,UAAU;AACrD,WAAO;AAAA,MACL,OAAG,oCAAoB;AAAA,MACvB,MAAM;AAAA,MACN,QAAQ;AAAA,IACV;AAAA,EACF;AAEA,QAAM,eAAe,MAAM,oBAAoB,WAAqB,GAAU;AAC9E,MAAI,CAAC,gBAAgB,CAAC,aAAa,QAAQ;AACzC,WAAO;AAAA,MACL,OAAG,oCAAoB;AAAA,MACvB,MAAM;AAAA,MACN,QAAQ;AAAA,IACV;AAAA,EACF;AACA,QAAM,EAAE,MAAM,OAAO,IAAI;AACzB,QAAM,iBAAa,mCAAmB,WAAqB,MAAa;AACxE,SAAO;AAAA,IACL,GAAG;AAAA,IACH,MAAM,QAAQ;AAAA,EAChB;AACF;AAEA,MAAM,sBAAsB,OAC1B,OACA,YAC8E;AAC9E,MAAI;AACF,UAAM,SAAS,IAAI,IAAI,QAAQ,GAAG,EAAE;AAEpC,UAAM,iBAAiB,IAAI,QAAQ,QAAQ,OAAO;AAClD,mBAAe,IAAI,WAAW,MAAM;AACpC,mBAAe,IAAI,WAAW,MAAM;AAEpC,UAAM,cAAc;AAAA,MAClB,SAAS;AAAA,IACX;AAEA,UAAM,SAA2B;AAAA,MAC/B,QAAQ;AAAA,MACR,YAAY;AAAA,MACZ,WAAW;AAAA,MACX,eAAe;AAAA,MACf,mBAAmB;AAAA,MACnB,OAAO;AAAA,MACP,eAAe;AAAA,IACjB;AAEA,UAAM,wBAAuC;AAAA,MAC3C;AAAA,MACA;AAAA,QACE,aAAa;AAAA,QACb,gBAAgB;AAAA,MAClB;AAAA,IACF;AAEA,UAAM,WAAa,qBAAQ,iBAAiB;AAC5C,UAAM,KAAK,eAAe;AAE1B,QAAI,KAAK,aAAa;AACpB,YAAM,gBAAgB,MAAM,KAAK,YAAY,iBAAiB;AAC9D,YAAM,SAAS,cAAc;AAE7B,YAAM,UAAsC;AAAA,QAC1C,KAAK,KAAK,YAAY;AAAA,QACtB,OAAO,KAAK,YAAY;AAAA,QACxB,eAAe,KAAK,YAAY;AAAA,QAChC,aAAa,KAAK,YAAY;AAAA,QAC9B,aAAa,KAAK,YAAY;AAAA,QAC9B,aAAa,KAAK,YAAY;AAAA,QAC9B,UAAU,KAAK,YAAY;AAAA,QAC3B,YAAY,KAAK,YAAY;AAAA,QAC7B,UAAU,KAAK,YAAY;AAAA,QAC3B,cAAc,KAAK,YAAY;AAAA,QAC/B,UAAU;AAAA,UACR,cAAc,KAAK,YAAY,SAAS;AAAA,UACxC,gBAAgB,KAAK,YAAY,SAAS;AAAA,QAC5C;AAAA,QACA,cAAc,KAAK,YAAY,aAAa,IAAI,CAAC,cAAc;AAAA,UAC7D,KAAK,SAAS;AAAA,UACd,aAAa,SAAS;AAAA,UACtB,OAAO,SAAS;AAAA,UAChB,aAAa,SAAS;AAAA,UACtB,UAAU,SAAS;AAAA,UACnB,YAAY,SAAS;AAAA,QACvB,EAAE;AAAA,MACJ;AAEA,aAAO,EAAE,MAAM,SAAS,OAAO;AAAA,IACjC;AAEA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF;","names":["require"]}
|
package/dist/cjs/server/index.js
CHANGED
|
@@ -20,28 +20,25 @@ var server_exports = {};
|
|
|
20
20
|
__export(server_exports, {
|
|
21
21
|
NextCookieStore: () => import_NextCookieAdapter.NextCookieStore,
|
|
22
22
|
auth: () => import_auth.auth,
|
|
23
|
-
authNew: () => import_auth_new.authNew,
|
|
24
23
|
createRouteMatcher: () => import_routeMatcher.createRouteMatcher,
|
|
25
24
|
ternSecureBackendClient: () => import_ternsecureClient.ternSecureBackendClient,
|
|
26
25
|
ternSecureInstrumentation: () => import_instrumentation.ternSecureInstrumentation,
|
|
27
|
-
|
|
26
|
+
ternSecureProxy: () => import_ternSecureProxy.ternSecureProxy
|
|
28
27
|
});
|
|
29
28
|
module.exports = __toCommonJS(server_exports);
|
|
30
|
-
var
|
|
29
|
+
var import_ternSecureProxy = require("./ternSecureProxy");
|
|
31
30
|
var import_instrumentation = require("./instrumentation");
|
|
32
31
|
var import_routeMatcher = require("./routeMatcher");
|
|
33
32
|
var import_ternsecureClient = require("./ternsecureClient");
|
|
34
33
|
var import_auth = require("../app-router/server/auth");
|
|
35
|
-
var import_auth_new = require("../app-router/server/auth_new");
|
|
36
34
|
var import_NextCookieAdapter = require("../utils/NextCookieAdapter");
|
|
37
35
|
// Annotate the CommonJS export names for ESM import in node:
|
|
38
36
|
0 && (module.exports = {
|
|
39
37
|
NextCookieStore,
|
|
40
38
|
auth,
|
|
41
|
-
authNew,
|
|
42
39
|
createRouteMatcher,
|
|
43
40
|
ternSecureBackendClient,
|
|
44
41
|
ternSecureInstrumentation,
|
|
45
|
-
|
|
42
|
+
ternSecureProxy
|
|
46
43
|
});
|
|
47
44
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/index.ts"],"sourcesContent":["export {\r\n
|
|
1
|
+
{"version":3,"sources":["../../../src/server/index.ts"],"sourcesContent":["export {\r\n ternSecureProxy,\r\n} from \"./ternSecureProxy\";\r\nexport { ternSecureInstrumentation } from \"./instrumentation\";\r\nexport { createRouteMatcher } from \"./routeMatcher\";\r\nexport { ternSecureBackendClient } from \"./ternsecureClient\";\r\nexport {\r\n auth\r\n} from \"../app-router/server/auth\";\r\nexport type { AuthResult } from \"../app-router/server/auth\";\r\nexport type { BaseUser, SessionResult } from \"./types\";\r\nexport { NextCookieStore } from \"../utils/NextCookieAdapter\";\r\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,6BAEO;AACP,6BAA0C;AAC1C,0BAAmC;AACnC,8BAAwC;AACxC,kBAEO;AAGP,+BAAgC;","names":[]}
|